rogue routing entry

  • Thread starter: David Beaven

David Beaven

We have a rogue routing entry in the active routes part of a routing table
for a dubious external IP address. We have seen other entries appear then
disappear. Server reboots don't clear the entry. We suspect a trojan.
Routing and remote access claims not to be installed or configured.
Can you suggest a way to trace how this route was added? Would netsh do it?
Any other advice appreciated.
Thanks
David
 
Are these routes Host routes? Could these routing entries be coming from ICMP
redirect? Please post an example of one of the bogus routes.


--

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Do these appear in "Route Print"? This area is (apparently)
not completely integrated with RRAS static routes.

Does "route delete" remove it?
(I presume it then reappears, now or after reboot.)

What OS are you running?
Have you scanned the machine for malware and viruses
as you suspect these?
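
One way to work through the questions asked in the replies above (is it a host route, does it show in `route print`, does it survive a reboot), added here as an example and not posted by anyone in the thread: it parses saved `route print` text and labels each off-subnet host route as persistent or runtime-only. The sample output, its documentation-range addresses and the `local_nets` parameter are constructed assumptions.

```python
import ipaddress

HOST_MASK = ipaddress.IPv4Address("255.255.255.255")

# Constructed `route print` output (documentation addresses, not from the thread).
SAMPLE = """\
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10     20
      192.168.1.0    255.255.255.0     192.168.1.10    192.168.1.10     20
     192.168.1.10  255.255.255.255        127.0.0.1       127.0.0.1     20
    192.168.1.255  255.255.255.255     192.168.1.10    192.168.1.10     20
     198.51.100.9  255.255.255.255     192.168.1.77    192.168.1.10      1
      203.0.113.7  255.255.255.255      192.168.1.1    192.168.1.10      1
  255.255.255.255  255.255.255.255     192.168.1.10    192.168.1.10      1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      203.0.113.7  255.255.255.255      192.168.1.1       1
===========================================================================
"""

def parse_routes(text):
    """Return (active, persistent) lists of (dest, mask, gateway) tuples."""
    tables = {"Active Routes:": [], "Persistent Routes:": []}
    current = None
    for line in text.splitlines():
        stripped, fields = line.strip(), line.split()
        if stripped in tables:
            current = tables[stripped]
        elif stripped.startswith("="):
            current = None
        elif current is not None and len(fields) >= 4:
            try:  # gateway stays a string: newer Windows prints "On-link"
                current.append((ipaddress.IPv4Address(fields[0]),
                                ipaddress.IPv4Address(fields[1]), fields[2]))
            except ValueError:
                pass  # column header row
    return tables["Active Routes:"], tables["Persistent Routes:"]

def triage_host_routes(text, local_nets):
    """Map each off-subnet host route to ('persistent' | 'runtime', gateway)."""
    active, persistent = parse_routes(text)
    nets = [ipaddress.ip_network(n) for n in local_nets]  # analyst-supplied (assumption)
    stored = {(d, m) for d, m, _ in persistent}
    result = {}
    for dest, mask, gw in active:
        local = dest == HOST_MASK or dest.is_loopback or any(dest in n for n in nets)
        if mask == HOST_MASK and not local:
            result[str(dest)] = ("persistent" if (dest, mask) in stored else "runtime", gw)
    return result
```

A `persistent` entry was stored with `route -p` (Windows keeps these under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes`) and survives reboots. A `runtime` entry was added since the last boot, by a local process or, as asked above, possibly by an ICMP redirect.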
 